Invicti detected that a critical form's action is targetted an HTTP resource.
If an attacker can intercept network traffic, he/she can steal users' credentials. In this case even though the form is served over HTTPS, it'll be submitted to an HTTP resource. This defeats the purpose of SSL protection for this form.
- See the remedy for solution.
- Move all of your critical forms to HTTPS and ensure their form actions are targetting HTTPS.